Summary: The US cybersecurity agency CISA has warned organizations to urgently patch two zero-day vulnerabilities, one in Gladinet CentreStack and one in Microsoft Windows, because both are being exploited in the wild. The CentreStack vulnerability, CVE-2025-30406, can allow attackers to execute arbitrary code remotely, while the Windows flaw, CVE-2025-29824, can lead to privilege escalation. Organizations are urged to implement fixes before the April 29 deadline mandated by CISA.
Affected: Gladinet CentreStack, Microsoft Windows
Key points:
- CISA identified two exploited zero-day vulnerabilities that need urgent action from organizations.
- The CentreStack vulnerability could allow remote code execution due to improper management of cryptographic keys.
- The Windows vulnerability could lead to local privilege escalation, with exploit activity noted against various international organizations.
- Organizations are encouraged to patch the vulnerabilities or implement interim mitigations immediately.
Source: https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/